.\"
.\"	$OpenBSD: SSL_CTX_set_msg_callback.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
.\"
.Dd $Mdocdate: December 2 2014 $
.Dt SSL_CTX_SET_MSG_CALLBACK 3
.Os
.Sh NAME
.Nm SSL_CTX_set_msg_callback ,
.Nm SSL_CTX_set_msg_callback_arg ,
.Nm SSL_set_msg_callback ,
.Nm SSL_get_msg_callback_arg
.Nd install callback for observing protocol messages
.Sh SYNOPSIS
.In openssl/ssl.h
.Ft void
.Fo SSL_CTX_set_msg_callback
.Fa "SSL_CTX *ctx"
.Fa "void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)"
.Fc
.Ft void
.Fn SSL_CTX_set_msg_callback_arg "SSL_CTX *ctx" "void *arg"
.Ft void
.Fo SSL_set_msg_callback
.Fa "SSL *ssl"
.Fa "void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)"
.Fc
.Ft void
.Fn SSL_set_msg_callback_arg "SSL *ssl" "void *arg"
.Sh DESCRIPTION
.Fn SSL_CTX_set_msg_callback
or
.Fn SSL_set_msg_callback
can be used to define a message callback function
.Fa cb
for observing all SSL/TLS protocol messages (such as handshake messages)
that are received or sent.
.Fn SSL_CTX_set_msg_callback_arg
and
.Fn SSL_set_msg_callback_arg
can be used to set argument
.Fa arg
to the callback function, which is available for arbitrary application use.
.Pp
.Fn SSL_CTX_set_msg_callback
and
.Fn SSL_CTX_set_msg_callback_arg
specify default settings that will be copied to new
.Vt SSL
objects by
.Xr SSL_new 3 .
.Fn SSL_set_msg_callback
and
.Fn SSL_set_msg_callback_arg
modify the actual settings of an
.Vt SSL
object.
Using a
.Dv NULL
pointer for
.Fa cb
disables the message callback.
.Pp
When
.Fa cb
is called by the SSL/TLS library for a protocol message,
the function arguments have the following meaning:
.Bl -tag -width Ds
.It Fa write_p
This flag is 0 when a protocol message has been received and 1 when a protocol
message has been sent.
.It Fa version
The protocol version according to which the protocol message is
interpreted by the library.
Currently, this is one of
.Dv SSL2_VERSION ,
.Dv SSL3_VERSION
and
.Dv TLS1_VERSION
(for SSL 2.0, SSL 3.0 and TLS 1.0, respectively).
.It Fa content_type
In the case of SSL 2.0, this is always 0.
In the case of SSL 3.0 or TLS 1.0, this is one of the
.Em ContentType
values defined in the protocol specification
.Po
.Dq change_cipher_spec(20) ,
.Dq alert(21) ,
.Dq handshake(22) ;
but never
.Dq application_data(23)
because the callback will only be called for protocol messages.
.Pc
.It Fa buf , Fa len
.Fa buf
points to a buffer containing the protocol message, which consists of
.Fa len
bytes.
The buffer is no longer valid after the callback function has returned.
.It Fa ssl
The
.Vt SSL
object that received or sent the message.
.It Fa arg
The user-defined argument optionally defined by
.Fn SSL_CTX_set_msg_callback_arg
or
.Fn SSL_set_msg_callback_arg .
.El
.Sh NOTES
Protocol messages are passed to the callback function after decryption
and fragment collection where applicable.
(Thus record boundaries are not visible.)
.Pp
If processing a received protocol message results in an error,
the callback function may not be called.
For example, the callback function will never see messages that are considered
too large to be processed.
.Pp
Due to automatic protocol version negotiation,
.Fa version
is not necessarily the protocol version used by the sender of the message:
If a TLS 1.0 ClientHello message is received by an SSL 3.0-only server,
.Fa version
will be
.Dv SSL3_VERSION .
.Sh SEE ALSO
.Xr ssl 3 ,
.Xr SSL_new 3
.Sh HISTORY
.Fn SSL_CTX_set_msg_callback ,
.Fn SSL_CTX_set_msg_callback_arg ,
.Fn SSL_set_msg_callback
and
.Fn SSL_get_msg_callback_arg
were added in OpenSSL 0.9.7.
